Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added Project charter and team meetings to media page #48

Merged
merged 2 commits into from
Feb 6, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions content/ai_exchange/content/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
{{< spacer height="40" >}}

{{< cards >}}
{{< small-card link="/charter" title="Charter" icon="document-text" >}}
{{< small-card link="/connect" title="Connect with us!" icon="chat" >}}
{{< small-card link="/contribute" title="Contribute" icon="star" >}}
{{< small-card link="https://forms.gle/XwEEK52y4iZQChuJ6" title="Register" icon="login" >}}
Expand Down
53 changes: 53 additions & 0 deletions content/ai_exchange/content/charter.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
---
title: 'AI Exchange Charter'
---
## Purpose
>Comprehensive guidance and alignment on how to protect AI against security threats - by professionals, for professionals.

The goal of the OWASP AI Exchange is to protect society from AI security issues by independently harnessing the collective wisdom of global experts across various disciplines. This initiative focuses on advancing AI security understanding, supporting the development of global AI security guidelines, standards and regulations, and simplifying the AI security domain for professionals and organizations. Its goal is to provide a comprehensive overview of AI threats, risks, mitigations, and controls, aligning with global standardization initiatives such as the EU AI Act, ISO/IEC 27090 (AI Security), the OWASP ML Top 10, the OWASP LLM Top 10, and OpenCRE. This alignment, achieved through open source, is crucial to prevent confusion and ignorance, leading to harm from AI security incidents.

## Target Audience
This charter primarily addresses the needs of cybersecurity experts, privacy/regulatory/ legal professionals, AI leaders, developers, and data scientists. It offers accessible guidance and resources to these groups, enabling them to build and maintain secure AI systems effectively.

## Mission / Goals
Our mission is to establish the OWASP AI Exchange as the place to go for professionals who want to understand AI security, and to be the authoritative source for consensus, alignment, and collaboration among various AI initiatives. We aim to foster a unified approach to addressing AI security challenges.

## Scope & Responsibilities
- Develop a comprehensive framework for AI threats, risks, mitigations, and controls.
- Create a map integrating AI regulatory and privacy regulations.
- Establish a common taxonomy and glossary for AI security.
- Provide guidance on testing tools with outcome assessments.
- Formulate a shared responsibility model for third-party AI model usage.
- Offer supply chain guidance and an incident response plan.

## Relation to other OWASP or other organization initiatives
These are the other OWASP AI initiatives and the relation with the AI Exchange;
- The OWASP AI security and privacy guide is the official OWASP project under which the AI Exchange was established. The deliverable of this project consists of the AI Exchange content plus guidance on AI privacy.
- The OWASP LLM top 10 provides a list of the most important LLM security issues, plus deliverables that focus on LLM security, such as the LLM AI Security & Governance Checklist.
- The OWASP ML top 10 provides a list of the most important machine learning security issues.
- OpenCRE.org has been established under the OWASP Integration standards project and holds a catalog of common requirements across various security standards inside and outside of OWASP. The plan is to let OpenCRE contain new AI security controls as well.

## Roadmap
- Purpose and mission defined for OWASP AI Exchange Project Working Group
- Working group charter to 1.0
- Project Plan
- Working group established

## Implementation
- Create a roadmap, share documents, and establish a meeting cadence.
- Record meetings and take notes for transparency and accessibility.
- Communicate developments through newsletters.

## Next milestone for content
- Bring content to 1.0 draft.
- Address all outstanding tasks in the ‘Contribute’ section.
- Make sure all topics are sufficiently covered regarding depth and width, including references to relevant work.
- Ensure clarity of all content.
- Align content as good as possible, with other initiatives like Mitre Atlas, NIST, the LLM Top 10, ENISA’s work, and the AIAPP International Privacy Group.
- Review 1.0 draft.
- Conduct internal reviews.
- Get public comment from other communities / peer review.
- Release the final version 1.0, alongside a communication strategy and feedback process.

## Copyright
The AI security community is marked with CC0 1.0 meaning you can use any part freely, without attribution. If possible, it would be nice if the OWASP AI Exchange is credited and/or linked to, for readers to find more information.
11 changes: 11 additions & 0 deletions content/ai_exchange/content/media.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,14 @@ excludeSearch: true
| 4 Jul 2023 | Software Improvement Group Podcast | A.I. Security: A guide to implementing security and risk controls in AI | [Podcast](https://www.brighttalk.com/webcast/19697/586526) |
| 23 Feb 2023 | The Application Security Podcast w/ Chris Romeo and Robert Hurlbut | OWASP AI Security & Privacy Guide w/ Rob van der Veer | [YouTube](https://www.youtube.com/watch?v=SLdn3AwlCAk&) [Podcast](https://www.buzzsprout.com/1730684/12313155-rob-van-der-veer-owasp-ai-security-privacy-guide) |
| 15 Feb 2023 | OWASP Conference Dublin | Attacking And Protecting Artificial Intelligence w/ Rob Van Der Veer | [YouTube](https://www.youtube.com/watch?v=ABmWHnFrMqI) |

## AI Exchange Team Meetings
- Bi-weekly Sync on **Thursdays at 5 PM (GMT), 8 AM (PST)**
- **Upcoming Meeting February 8, 2024** (link will be posted)
- Previous Meetings can be viewed on the **[YouTube channel](https://youtube.com/@RobvanderVeer-ex3gj?si=s2-gDFrRCazNge_c)**

### Previous Meetings

| Date | Title | Video |
| - | - | - |
| 25 Feb 2024 | 2024 Kick Off | [YouTube](https://youtu.be/rwqv2m4-0vA?si=ZSB5-DfntaUjxF8I) |
Loading